From 063d09740465bc74ccd8581bd4de412bb189caec Mon Sep 17 00:00:00 2001
From: nd
Date: Sun, 1 Nov 2020 02:17:54 +0100
Subject: [PATCH] add support for ipv6 nat
---
 defaults/main.yml | 4 ++++
 templates/nftables.conf.j2 | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 336c124..978e603 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,6 +8,8 @@ firewall:
 output: {}
 nat_prerouting: {}
 nat_postrouting: {}
+ nat6_prerouting: {}
+ nat6_postrouting: {}
 chains:
 input:
 allow_ssh: tcp dport ssh
@@ -15,6 +17,8 @@ firewall:
 forward: {}
 nat_prerouting: {}
 nat_postrouting: {}
+ nat6_prerouting: {}
+ nat6_postrouting: {}
 policies:
 input: drop
 output: accept
diff --git a/templates/nftables.conf.j2 b/templates/nftables.conf.j2
index fb9c250..9201e70 100644
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@@ -60,7 +60,7 @@ table inet filter {
 }
 }
-table nat {
+table ip nat {
 # NAT
 chain prerouting {
 type nat hook prerouting priority -100;
@@ -74,4 +74,18 @@ table nat {
 }
 }
+table ip6 nat {
+# NAT
+ chain prerouting {
+ type nat hook prerouting priority -100;
+
+{{ nftchain('nat6_prerouting') }}
+ }
+ chain postrouting {
+ type nat hook postrouting priority 100;
+
+{{ nftchain('nat6_postrouting') }}
+ }
+}
+
 include "/etc/nftables.d/*.nft"
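Review bot: The `nat6_prerouting` / `nat6_postrouting` defaults added in both hunks of defaults/main.yml carry no comment, and the split they introduce is easy to miss. Rules under `nat_*` appear to be rendered only into `table ip nat`, so IPv6 traffic is not translated unless the rule is repeated under `nat6_*`. A short comment above the new keys would do, e.g. `# nat6_*: rules for 'table ip6 nat'; nat_* rules apply to IPv4 only`. The parent keys of both mappings are outside the hunks, so the comment may belong once at the top of the `firewall:` block instead.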
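Review bot: The new `table ip6 nat` block in the `@@ -74,4 +74,18 @@` hunk of templates/nftables.conf.j2 is rendered unconditionally, so every host managed by this role registers IPv6 nat prerouting and postrouting hooks even when `nat6_prerouting` and `nat6_postrouting` stay at their `{}` defaults. Registering nat hooks typically pulls in IPv6 NAT and connection tracking, and on a kernel built without IPv6 NAT support the whole file would presumably fail to load, which matters because the same file carries the input filter. Consider wrapping the table in a Jinja guard such as `{% if <any nat6 rule defined> %}` … `{% endif %}` (placeholder condition; the variable layout behind `nftchain()` is not visible in this hunk). The copied comment could also become `# NAT (IPv6)` so the two nat tables are distinguishable in the rendered ruleset.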